Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa
File: AS137235.roa (raw, json)
Hash identifier: yhl6owJrwTQkExo+hVdll+j+9UAPS25qIzJk6chD2p8=
Subject key identifier: F7:9A:65:4E:63:56:40:E0:A7:EB:33:3E:F7:B5:49:FC:FA:32:60:36
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 495985B1D129FD9ACFA642DDFBD5285CCCBB697C
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa
Signing time: Mon 14 Jul 2025 09:35:14 +0000
ROA not before: Mon 14 Jul 2025 09:30:14 +0000
ROA not after: Mon 13 Jul 2026 09:35:14 +0000
asID: 137235
IP address blocks: 143.20.89.0/24 maxlen: 24
143.20.98.0/24 maxlen: 24
143.20.205.0/24 maxlen: 24
143.20.206.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 08:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
49:59:85:b1:d1:29:fd:9a:cf:a6:42:dd:fb:d5:28:5c:cc:bb:69:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Jul 14 09:30:14 2025 GMT
Not After : Jul 13 09:35:14 2026 GMT
Subject: CN=F79A654E635640E0A7EB333EF7B549FCFA326036
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:37:43:98:44:e9:9a:7f:22:f0:fe:29:25:f7:
a7:8f:03:6d:e1:8a:1c:5d:db:cc:76:86:16:4d:a2:
90:9d:29:c5:60:24:6d:c1:b0:06:a0:25:f0:c0:08:
38:53:d0:0c:8c:53:f2:c0:a4:ae:76:75:bf:95:50:
ce:6d:23:50:5d:07:e9:17:d2:ca:fc:80:6e:0d:c9:
64:c0:47:4b:7c:83:ae:7a:fd:52:bd:9b:f8:cf:cd:
44:2a:ce:e4:d3:4a:32:68:34:33:fb:b3:75:f2:22:
5a:50:41:0f:45:31:fc:5e:18:25:49:28:1f:54:15:
6d:83:23:21:c2:59:87:6b:7f:24:b1:ab:3f:f5:91:
59:3b:e2:e4:1a:bc:78:1a:a2:fb:9c:ca:aa:29:dc:
2a:31:77:15:55:a6:54:62:fc:e5:d4:af:6d:dc:44:
95:24:f3:69:e6:6d:17:11:a9:43:b0:1b:20:9c:9c:
10:5c:ea:1b:12:42:33:b4:62:6e:0f:85:0a:ee:4b:
28:ea:c6:7e:b3:71:00:60:e6:c5:fb:f7:97:88:a2:
ac:f4:0b:92:a0:b8:4f:05:8e:b7:80:d2:84:2c:ec:
da:86:d4:64:ae:37:3e:7e:3a:79:94:5d:67:d1:fe:
d4:a1:21:2d:41:1a:71:fe:ca:a0:19:ec:07:77:6e:
2c:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:9A:65:4E:63:56:40:E0:A7:EB:33:3E:F7:B5:49:FC:FA:32:60:36
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.89.0/24
143.20.98.0/24
143.20.205.0-143.20.206.255
Signature Algorithm: sha256WithRSAEncryption
4f:c3:ce:57:a6:ad:6f:07:88:2d:1b:e7:87:56:dd:e3:72:d4:
da:bb:05:f5:5e:8a:91:e4:24:33:a8:ae:c5:fc:31:85:f2:d7:
89:90:0b:8a:4e:8d:ac:31:30:6a:cb:f4:75:0a:a9:b0:e5:e4:
fa:70:8d:9e:23:3b:30:80:b7:fc:07:67:c0:44:50:e6:12:a7:
16:6e:0f:63:47:04:2a:7d:f4:e7:09:a2:a4:2e:26:3d:7c:d3:
71:bc:ae:59:a6:5b:8e:4e:51:85:4c:11:b9:67:d6:21:6e:bc:
48:6b:64:39:40:e9:4f:c9:9e:33:0b:4f:b7:40:9c:63:ac:a9:
96:aa:c0:c4:73:98:91:a8:3d:49:fc:cd:90:8c:25:3a:05:3b:
f4:33:99:89:94:c0:b2:38:66:ed:b8:06:c1:1e:eb:5c:79:08:
0a:b2:55:c5:3d:75:42:45:75:4c:7d:07:e5:c1:14:74:aa:c5:
5d:c9:6e:5d:de:18:63:d8:1c:dd:27:be:79:c1:f9:6b:76:6b:
3f:50:4d:8c:11:e6:59:b7:90:93:a4:0e:2b:38:ea:c8:95:4a:
aa:8f:cd:30:b7:03:94:de:d1:fa:d9:60:dd:a2:3e:cf:cd:eb:
32:15:df:11:53:3d:4e:33:c4:7e:16:a2:dd:9c:78:3d:37:d7:
a3:14:b2:1a
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIUSVmFsdEp/ZrPpkLd+9UoXMy7aXwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTQwOTMwMTRaFw0yNjA3MTMwOTM1MTRaMDMxMTAvBgNV
BAMTKEY3OUE2NTRFNjM1NjQwRTBBN0VCMzMzRUY3QjU0OUZDRkEzMjYwMzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYN0OYROmafyLw/ikl96ePA23h
ihxd28x2hhZNopCdKcVgJG3BsAagJfDACDhT0AyMU/LApK52db+VUM5tI1BdB+kX
0sr8gG4NyWTAR0t8g656/VK9m/jPzUQqzuTTSjJoNDP7s3XyIlpQQQ9FMfxeGCVJ
KB9UFW2DIyHCWYdrfySxqz/1kVk74uQavHgaovucyqop3CoxdxVVplRi/OXUr23c
RJUk82nmbRcRqUOwGyCcnBBc6hsSQjO0Ym4PhQruSyjqxn6zcQBg5sX795eIoqz0
C5KguE8FjreA0oQs7NqG1GSuNz5+OnmUXWfR/tShIS1BGnH+yqAZ7Ad3bixdAgMB
AAGjggIeMIICGjAdBgNVHQ4EFgQU95plTmNWQOCn6zM+97VJ/PoyYDYwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM3MjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAjxRZ
AwQAjxRiMAwDBACPFM0DBACPFM4wDQYJKoZIhvcNAQELBQADggEBAE/DzlemrW8H
iC0b54dW3eNy1Nq7BfVeipHkJDOorsX8MYXy14mQC4pOjawxMGrL9HUKqbDl5Ppw
jZ4jOzCAt/wHZ8BEUOYSpxZuD2NHBCp99OcJoqQuJj1803G8rlmmW45OUYVMEbln
1iFuvEhrZDlA6U/JnjMLT7dAnGOsqZaqwMRzmJGoPUn8zZCMJToFO/QzmYmUwLI4
Zu24BsEe61x5CAqyVcU9dUJFdUx9B+XBFHSqxV3Jbl3eGGPYHN0nvnnB+Wt2az9Q
TYwR5lm3kJOkDis46siVSqqPzTC3A5Te0frZYN2iPs/N6zIV3xFTPU4zxH4Wot2c
eD0316MUsho=
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:45:08 2025 by rpki-client